1. Field of the Invention
The invention relates in general to the field of user trusted devices equipped with a connection interface for connecting to a host computer, and in particular to software update methods for updating such devices via a network.
2. Description of the Related Art
User trusted devices (including secure, tamper proof devices) are generally known. For example, for online transactions, a solution which has been developed is the so-called Zone Trusted Information Channel (or ZTIC for short). The ZTIC is a secure, non-programmable device for the authentication of transaction data. Since the ZTIC maintains a secured end-to-end network connection to the server, the ZTIC itself is tamper-proof against malicious software attacks and as it has its own input and output components independent of the host it connects to, the data shown on the ZTIC display is genuine. More details can be found in e.g., The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks, by Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, Michael Baentsch. In P. Lipp, A.-R. Sadeghi, and K.-M. Koch (Eds.): TRUST 2008, LNCS 4968, pp. 75-91, 2008. Springer-Verlag Berlin Heidelberg 2008.
Some secure devices that have a built in network card (e.g., routers, storage attached network devices) provide a functionality to be network updatable. These devices, however, need their own network connection.
Other devices use a secure channel through a PC to be updatable (such as the Migros banking memory stick, see e.g., http://www.kobil.com/nc/press-news/newssingleview/article/migros-bank-launches-new-system-for-safer-e-banking.html?tx_ttnews%/5BbackPid%5D=596&cHash=4480355b72). However, these devices require a given operating system to be available on the PC for the update to be successful.